Issue pulling as a Go Module

Question

Issue pulling as a Go Module

aka-mj opened this issue 4 years ago · 7 comments

When running go get -u gopkg.in/h2non/gentleman.v2 I get the following error:

> go get -u gopkg.in/h2non/gentleman.v2
go: downloading gopkg.in/h2non/gentleman.v2 v2.0.4
go get gopkg.in/h2non/gentleman.v2: gopkg.in/h2non/gentleman.v2@v2.0.4: verifying module: checksum mismatch
        downloaded: h1:Qq4Sk2jY7GoYBu8C5rZF/+RU9GdcnzPN9v3z5aBBGg8=
        sum.golang.org: h1:9R3K6CFYd/RdXDLi0pGXwaPnRx/pn5EZlrN3VkNygWc=

SECURITY ERROR
This download does NOT match the one reported by the checksum server.
The bits may have been replaced on the origin server, or an attacker may
have intercepted the download attempt.

For more information, see 'go help module-auth'.
Exception: go exited with 1
[tty 27], line 1: go get -u gopkg.in/h2non/gentleman.v2

I'm able to pull down other modules. Any ideas?
Using Go version 1.14.

Answer 1 · 2020-07-29T21:03:40.000Z

You can try with: go get -u github.com/h2non/gentleman

Answer 2 · 2020-08-02T14:54:54.000Z

Same problem with:
go get -u gopkg.in/h2non/gentleman.v2/plugins/timeout
go: downloading gopkg.in/h2non/gentleman.v2 v2.0.4
verifying gopkg.in/h2non/gentleman.v2@v2.0.4: checksum mismatch

Answer 3 · 2020-08-02T15:02:33.000Z

Your suggestion won't work either.
$ go get -u github.com/h2non/gentleman
go: downloading github.com/h2non/gentleman v1.0.4
go: downloading github.com/h2non/gentleman v2.0.4+incompatible
go: github.com/h2non/gentleman upgrade => v2.0.4+incompatible
go: downloading gopkg.in/h2non/gentleman.v2 v2.0.4
verifying gopkg.in/h2non/gentleman.v2@v2.0.4: checksum mismatch

Answer 4 · 2020-08-25T21:13:18.000Z

We're having this issue as well when GOPROXY="direct". @h2non did you republish 2.0.4?

Answer 5 · 2020-09-29T14:18:05.000Z

We're having this issue as well when GOPROXY="direct". @h2non did you republish 2.0.4?

Seems like it. Diffed the two versions and got this change:

--- vendor/gopkg.in/h2non/gentleman.v2/.travis.yml (Qq4Sk2jY7GoYBu8C5rZF/+RU9GdcnzPN9v3z5aBBGg8=)
+++ /tmp/vendor/gopkg.in/h2non/gentleman.v2/.travis.yml (9R3K6CFYd/RdXDLi0pGXwaPnRx/pn5EZlrN3VkNygWc=)
@@ -1,6 +1,4 @@
 language: go
-
-go_import_path: gopkg.in/h2non/gentleman.v2
 
 go:
   - "1.13"

Answer 6 · 2021-02-01T17:52:32.000Z

I just ran into this, still seems to be an issue with sums getting cached places. Could you possibly tag a new version so this mismatch issue doesn't get in the way of the module verification?

Answer 7 · 2021-02-02T00:24:44.000Z

v2.0.5 tag was released.